fix: Verification code is not case sensitive #3121
Conversation
| @@ -105,7 +105,7 @@ def is_valid(self, *, raise_exception=False): | |||
| """ | |||
| super().is_valid(raise_exception=True) | |||
| captcha = self.data.get('captcha') | |||
| captcha_value = captcha_cache.get(f"LOGIN:{captcha}") | |||
| captcha_value = captcha_cache.get(f"LOGIN:{captcha.lower()}") | |||
| if captcha_value is None: | |||
| raise AppApiException(1005, _("Captcha code error or expiration")) | |||
| username = self.data.get("username") | |||
There was a problem hiding this comment.
The provided code snippet has a few improvements and clarifications that can be made:
-
Case Insensitivity Fix: The
captcha_cachekeys should be consistent to avoid errors related to case sensitivity. Change both instances where keys are formed fromchars(line 63) andcaptcha_value(line 108). Use lowercase for uniformity, as shown:captcha_cache.set(f"LOGIN:{captcha.lower()}", chars, timeout=5 * 60)
-
Code Readability: Consider adding comments at the beginning of your functions to explain what they do briefly, especially if they are large.
-
Error Handling: Ensure you handle exceptions correctly within the
is_validmethod to provide meaningful feedback to the user when the captcha code is invalid or expires. -
Security Advice: Although not directly relevant to the code itself, it's worth considering that using passwords or captchas in plain text storage could expose sensitive information. In practice, use environment variables or secure vaults to store such credentials rather than hardcoding them in your application.
With these changes, the code will behave more robustly and securely while maintaining its functionality.
fix: Verification code is not case sensitive